AW: [Dshield] Scans on port 3659?

Andre Costa brblueser at uol.com.br
Tue Nov 12 13:27:38 GMT 2002


Hi Holger,

thks for the pointer, I wasn't aware of www.cve.mitre.org. However, I am
affraid both entries listed by the query below were found only because
they have the string 3659 in it, but not related to this probl we've
been discussing.

Thks anyway,

Andre

On Sun, 10 Nov 2002 20:17:14 +0100
Holger.Luettich at t-online.de (hluettich) wrote:

> Hi all,
> 
> Have a look at
> http://www.cve.mitre.org/cgi-bin/cvekey.cgi?keyword=3659
> ,
> The CVE website is also linked a dshield
> 
> Best
> 
> Holger
> 
> -----Ursprüngliche Nachricht-----
> Von: list-admin at dshield.org [mailto:list-admin at dshield.org] Im Auftrag
> von André Costa
> Gesendet: Donnerstag, 7. November 2002 17:53
> An: DShield ML
> Betreff: [Dshield] Scans on port 3659?
> 
> 
> Hi all,
> 
> I am new to this list and to firewall maintenance in general, so
> please bear with any stupid thing I might say ;) Also, if this is not
> the right place for such questions, please apologize and direct me
> somewhere else.
> 
> I have a dual boot machine here at home, with Win2k Pro and RH Linux
> 7.1(kernel 2.4.19), connected to a cablemodem. I have Sygate Personal
> Firewall on Win2k and iptables on Linux, both seem to be working fine.
> 
> For the last two days I've been blocking TCP scans on my port 3659
> like hell. These seem to come from different ports on the same
> machines as in: (taken from exported SPF logs)
> 
> [snip]
> 1476    11/07/2002 13:33:16     Blocked TCP     Incoming
> 200.168.1.105   3950    200.255.184.111 3659            3
> 11/07/2002
> 13:32:05     11/07/2
> 002 13:32:14    Block_all
> 1478    11/07/2002 13:34:02     Blocked TCP     Incoming
> 200.168.1.105   3992    200.255.184.111 3659            3
> 11/07/2002
> 13:32:48     11/07/2
> 002 13:32:57    Block_all
> 1480    11/07/2002 13:37:28     Blocked TCP     Incoming
> 200.168.1.105   4069    200.255.184.111 3659            3
> 11/07/2002
> 13:36:18     11/07/2
> 002 13:36:27    Block_all
> 1481    11/07/2002 13:38:09     Blocked TCP     Incoming
> 200.168.1.105   4095    200.255.184.111 3659            3
> 11/07/2002
> 13:36:54     11/07/2
> 002 13:37:03    Block_all
> 1482    11/07/2002 13:38:29     Blocked TCP     Incoming
> 200.168.1.105   4117    200.255.184.111 3659            3
> 11/07/2002
> 13:37:17     11/07/2
> 002 13:37:26    Block_all
> 1483    11/07/2002 13:38:50     Blocked TCP     Incoming
> 200.168.1.105   4139    200.255.184.111 3659            3
> 11/07/2002
> 13:37:37     11/07/2
> 002 13:37:46    Block_all
> [snip]
> 
> But it also comes from different sources as well (many times a day,
> sometimes a few minutes apart).
> 
> I tried Google for info on recent activity on this port, but found
> nothing. No luck here either:
> http://www.linuxsecurity.com/resource_files/firewalls/firewall-seen.html
> 
> Anybody out there experiencing the same? Should I report it somewhere?
> 
> TIA,
> 
> Andre
> 
> 
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.410 / Virus Database: 231 - Release Date: 31/10/2002
> 
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
> 
> 
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list


-- 
Andre Oliveira da Costa




More information about the list mailing list